HIGH🇵🇱 Wersja polska

CVE-2023-36634

CVSS 7.1v3.1pub. 2023-09-13upd. 2024-11-21

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Fortinet Fortiap U

    APP
    Fortinet
    7.0.05.4.0 – 5.4.66.0.0 – 6.0.46.2.0 – 6.2.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-29058HIGH7.8ten sam produkt

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the co...

CVE-2022-30301HIGH7.8ten sam produkt

A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 throu...

CVE-2025-53680MEDIUM6.7ten sam produkt

An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [C...

CVE-2023-25608MEDIUM5.5ten sam produkt

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command li...

CVE-2019-15709MEDIUM6.5ten sam produkt

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI ad...